DEVELOPING AN INTEGRATED CYBERSECURITY AUDIT GUIDELINE: HARMONIZING DIVERSE FRAMEWORKS FOR ENHANCED SPECIFICITY GUIDELINE

Abstract

This thesis addresses the critical challenge of adapting generic audit practices to the specialized demands of cybersecurity within the Indonesian banking sector. It identifies significant deficiencies in existing audit Standard Operating Procedures (SOPs), particularly their lack of specific cybersecurity risk assessment methodologies and a dedicated Risk and Control Matrix (RCM). In response, a revised SOP is proposed, fundamentally transforming the audit process through the integration of a NIST SP 800-30 based risk assessment and the development and testing of a Cybersecurity Risk Control Matrix (C-RCM). Expert validation confirms this new framework's comprehensive alignment with global standards like NIST CSF, ISO 27001, and GIAS, demonstrating its high relevance to the practical needs of Indonesian banking institutions in navigating contemporary cyber threats and regulatory requirements. While implementation presents a moderate complexity, demanding investment in specialized expertise and technology, the long-term benefits of enhanced cybersecurity posture and operational resilience are substantial. This research concludes that the proposed SOP offers an indispensable pathway for Indonesian banks to transition from reactive compliance to a proactive, adaptive cybersecurity audit paradigm.